wyrm-mcp 7.2.0 → 7.2.2

package/dist/http-fast.js

@@ -1,1196 +1,80 @@
 #!/usr/bin/env node
-/**
- * 󱅝 Wyrm Fast API
- * Optimized for AI consumption - minimal latency, compact responses
- *
- * Copyright (c) 2025 Ghost Protocol LLC. All rights reserved.
- * This is proprietary software. Unauthorized use, modification,
- * or distribution is strictly prohibited.
- */
-import http from 'http';
-import { WyrmDB } from './database.js';
-import { cache, estimateTokens, truncateToTokens, timed } from './performance.js';
-import { authMiddleware, getAuthStatus, getSecurityHeaders } from './http-auth.js';
-import { WyrmLogger } from './logger.js';
-import { sanitizeFtsQuery, validateProjectPath } from './security.js';
-import { readFileSync as _readAsset, existsSync as _assetExists, readdirSync as _readdir, realpathSync as _realpath } from 'fs';
-import { homedir as _homedir } from 'os';
-import { dirname as _assetDir, join as _assetJoin } from 'path';
-import { fileURLToPath as _assetUrl } from 'url';
-// The Ghost Protocol silver dragon — served to the /ui dashboard as the brand mark.
-const DRAGON_SVG_PATH = _assetJoin(_assetDir(_assetUrl(import.meta.url)), '..', 'ui', 'dragon-mark.svg');
-let _dragonSvgCache = null;
-import { getUIDashboardHTML } from './ui-dashboard.js';
-import { verifyLicense } from './license.js';
-import { MemoryArtifacts } from './memory-artifacts.js';
-import { GroundTruths, computeStaleness } from './intelligence.js';
-import { FailurePatterns } from './failure-patterns.js';
-import { handleDaemonWrite } from './daemon-write-endpoint.js';
-import { retryableWriteCause, busyErrorBody } from './sqlite-busy.js';
-import { sseFrame, resolveStartCursor, SSE_KEEPALIVE } from './events-sse.js';
-import { readonlyBlocks } from './readonly-gate.js';
-import { resolveActorEnvelope, runWithActor } from './handlers/boundary.js';
-const PORT = parseInt(process.env.WYRM_PORT || '3333') || 3333; // || 3333 guards NaN
-// Read-only / public-view mode. When set, a single dispatcher-level gate (below)
-// 403s every mutating request plus the off-box egress reads, so the dashboard is
-// safe to expose beyond localhost. Pair it with WYRM_UI_READONLY=1 whenever the
-// server is bound to a non-loopback host. The client hides controls to match.
-const READONLY = process.env.WYRM_UI_READONLY === '1';
-const MAX_BODY_SIZE = 512 * 1024; // 512KB - smaller for fast API
-const MAX_BATCH_OPS = 500;
-const MAX_SSE_STREAMS = parseInt(process.env.WYRM_MAX_SSE_STREAMS || '64', 10) || 64; // DoS guard: cap concurrent SSE
-const MAX_SSE_PER_IP = parseInt(process.env.WYRM_MAX_SSE_PER_IP || '8', 10) || 8; // per-client SSE cap (one client can't starve the rest)
-let activeStreams = 0;
-const sseByIp = new Map();
-// Honor WYRM_DB_PATH (consistent with the CLI) so the HTTP server / dashboard
-// can be pointed at a specific Wyrm home; falls back to the default ~/.wyrm/wyrm.db.
-//
-// v7 F2 (T012): the DB open is LAZY. `new WyrmDB(...)` at module top-level
-// meant ANY import of this module (wyrm-cli `serve`, tests, tooling)
-// synchronously opened the database and ran migrations as a side effect of
-// the import itself — which is why events-sse.ts and the actor-envelope tests
-// had to avoid importing this file at all. First touch now happens on the
-// first request that needs it (or on an explicit account switch). The holder
-// stays re-pointable for the dashboard account switcher; the domain instances
-// below are keyed to the live connection and reset on switch.
-let _db = null;
-let _artifacts = null;
-let _truths = null;
-let _failures = null;
-function getDb() {
-    if (!_db)
-        _db = new WyrmDB(process.env.WYRM_DB_PATH);
-    return _db;
-}
-function getArtifacts() {
-    if (!_artifacts)
-        _artifacts = new MemoryArtifacts(getDb().getDatabase());
-    return _artifacts;
-}
-function getTruths() {
-    if (!_truths)
-        _truths = new GroundTruths(getDb().getDatabase());
-    return _truths;
-}
-function getFailures() {
-    if (!_failures)
-        _failures = new FailurePatterns(getDb().getDatabase());
-    return _failures;
-}
-/** Re-point the server at another Wyrm home (dashboard account switcher).
- * Domain instances are reset so they can never hold a closed connection —
- * the old module-level `const artifacts/truths` kept pointing at the ORIGINAL
- * DB after a switch (latent stale-handle bug, fixed by the lazy refactor). */
-function switchDb(next) {
-    const old = _db;
-    _db = next;
-    _artifacts = null;
-    _truths = null;
-    _failures = null;
-    try {
-        old?.close();
-    }
-    catch { /* old connection may already be gone */ }
-}
-/**
- * Discover the Wyrm "homes" on this machine (the default ~/.wyrm plus any
- * ~/.wyrm-* dirs that hold a wyrm.db), for the dashboard account switcher.
- * Deduped by real path so a ~/.wyrm symlink doesn't double-list its target.
- * Each home reports the account + tier from its own license (or cloud login).
- */
-function discoverHomes() {
-    const out = [];
-    const root = _homedir();
-    const seen = new Set();
-    let entries = [];
-    try {
-        entries = _readdir(root);
-    }
-    catch {
-        return out;
-    }
-    // Process the real `.wyrm-*` homes before the bare `.wyrm` symlink so the real
-    // dir name wins the label and the symlink dedups against it.
-    entries.sort((a, b) => b.localeCompare(a));
-    for (const e of entries) {
-        if (e !== '.wyrm' && !e.startsWith('.wyrm-'))
-            continue;
-        let real;
-        try {
-            real = _realpath(_assetJoin(root, e));
-        }
-        catch {
-            continue;
-        }
-        if (seen.has(real))
-            continue;
-        const dbPath = _assetJoin(real, 'wyrm.db');
-        if (!_assetExists(dbPath))
-            continue;
-        seen.add(real);
-        let account = 'Local', tier = 'free';
-        try {
-            const licPath = _assetJoin(real, 'license.json');
-            if (_assetExists(licPath)) {
-                const signed = JSON.parse(_readAsset(licPath, 'utf-8'));
-                const v = verifyLicense(signed);
-                account = (signed.license && signed.license.issued_to) || account;
-                tier = v.valid ? v.tier : 'free';
-            }
-            else {
-                const cloudPath = _assetJoin(real, 'cloud.json');
-                if (_assetExists(cloudPath)) {
-                    const c = JSON.parse(_readAsset(cloudPath, 'utf-8'));
-                    account = c.email || account;
-                }
-            }
-        }
-        catch { /* unreadable license/cloud: leave defaults */ }
-        const base = e.replace(/^\.wyrm-?/, '') || 'default';
-        out.push({ name: base, dbPath, account, tier });
-    }
-    return out;
-}
-const logger = new WyrmLogger({ level: 'info' });
-// Clamp a query-string `?l=N` integer into [1, max] with a default fallback.
-// Hardens against `?l=-1` (SQLite treats negative LIMIT as "no limit" → unbounded
-// streaming → DoS) and `?l=abc` (NaN → SQLite reads 0 → silent empty result).
-function clampLimit(raw, fallback, max) {
-    const n = Number.parseInt(String(raw ?? ''), 10);
-    if (!Number.isFinite(n) || n < 1)
-        return fallback;
-    return Math.min(n, max);
-}
-// Resolve a project reference that may be a path (preferred) or a name.
-// Used by the Live Memory event endpoints, whose public param is `?project=`.
-function resolveProjectRef(ref) {
-    const key = ref == null ? '' : String(ref);
-    if (!key)
-        return undefined;
-    return getDb().getProject(key) || getDb().getProjectByName(key);
-}
-// Minimal JSON response with security headers
-function send(res, req, data, status = 200) {
-    const json = JSON.stringify(data);
-    const securityHeaders = getSecurityHeaders(req);
-    res.writeHead(status, {
-        'Content-Type': 'application/json',
-        'Content-Length': Buffer.byteLength(json),
-        'X-Tokens': String(estimateTokens(data)),
-        ...securityHeaders
-    });
-    res.end(json);
-}
-// HTML response for the browser dashboard
-function sendHtml(res, req, html) {
-    const securityHeaders = getSecurityHeaders(req);
-    res.writeHead(200, {
-        ...securityHeaders,
-        'Content-Type': 'text/html; charset=utf-8',
-        'Content-Length': Buffer.byteLength(html),
-        'Cache-Control': 'no-store',
-    });
-    res.end(html);
-}
-// Fast body parser with size limit
-function body(req) {
-    return new Promise((resolve, reject) => {
-        if (req.method === 'GET') {
-            resolve({});
-            return;
-        }
-        let data = '';
-        let size = 0;
-        req.on('data', (chunk) => {
-            size += chunk.length;
-            if (size > MAX_BODY_SIZE) {
-                req.destroy();
-                reject(new Error('Request body too large'));
-                return;
-            }
-            data += chunk;
-        });
-        req.on('end', () => {
-            try {
-                resolve(data ? JSON.parse(data) : {});
-            }
-            catch {
-                reject(new Error('Invalid JSON'));
-            }
-        });
-        req.on('error', reject);
-    });
-}
-const routes = {
-    // Quick context for AI - most used endpoint
-    'GET /c': (args) => {
-        const cacheKey = `ctx:${args.p || 'global'}`;
-        const cached = cache.get(cacheKey);
-        if (cached)
-            return cached;
-        const projectPath = args.p;
-        let result;
-        if (projectPath) {
-            const project = getDb().getProject(projectPath);
-            if (!project)
-                return { e: 'not found' };
-            const quests = getDb().getPendingQuests(project.id);
-            const sessions = getDb().getRecentSessions(project.id, 3);
-            result = {
-                n: project.name,
-                s: project.stack,
-                q: quests.length,
-                qt: quests.slice(0, 5).map(q => q.title),
-                r: sessions[0]?.summary || sessions[0]?.notes?.slice(0, 200) || null
-            };
-        }
-        else {
-            const projects = getDb().getAllProjects(20);
-            const quests = getDb().getAllPendingQuests();
-            result = {
-                p: projects.map(p => ({ n: p.name, s: p.stack, q: getDb().getPendingQuests(p.id).length })),
-                tq: quests.length
-            };
-        }
-        cache.set(cacheKey, result);
-        return result;
-    },
-    // List projects - compact
-    'GET /p': () => {
-        const cached = cache.get('projects');
-        if (cached)
-            return cached;
-        const projects = getDb().getAllProjects(50);
-        const result = projects.map(p => ({
-            i: p.id,
-            n: p.name,
-            p: p.path,
-            s: p.stack
-        }));
-        cache.set('projects', result);
-        return result;
-    },
-    // Scan for projects
-    'POST /scan': (args) => {
-        const dir = (args.d || args.directory || process.env.HOME + '/Git Projects');
-        const resolved = validateProjectPath(dir);
-        if (!resolved)
-            return { e: 'path not allowed' };
-        cache.invalidate();
-        const projects = getDb().scanForProjects(resolved, true);
-        return { found: projects.length };
-    },
-    // Get quests
-    'GET /q': (args) => {
-        const projectPath = args.p;
-        if (projectPath) {
-            const project = getDb().getProject(projectPath);
-            if (!project)
-                return { e: 'not found' };
-            return getDb().getPendingQuests(project.id).map(q => ({
-                i: q.id,
-                t: q.title,
-                p: q.priority[0]
-            }));
-        }
-        return getDb().getAllPendingQuests().slice(0, 20).map(q => ({
-            i: q.id,
-            t: q.title,
-            p: q.priority[0]
-        }));
-    },
-    // Add quest
-    'POST /q': (args) => {
-        const projectPath = args.p;
-        const project = getDb().getProject(projectPath);
-        if (!project)
-            return { e: 'not found' };
-        cache.invalidate('ctx');
-        const quest = getDb().addQuest(project.id, args.t, args.d, args.pr || 'medium');
-        return { i: quest.id };
-    },
-    // Complete quest
-    'POST /qc': (args) => {
-        const id = typeof args.i === 'number' ? args.i : parseInt(String(args.i), 10);
-        if (!id || id < 1)
-            return { e: 'id required' };
-        cache.invalidate('ctx');
-        getDb().updateQuest(id, 'completed');
-        return { ok: 1 };
-    },
-    // Start/get session
-    'POST /s': (args) => {
-        const projectPath = args.p;
-        let project = getDb().getProject(projectPath);
-        if (!project) {
-            getDb().scanForProjects(projectPath, false);
-            project = getDb().getProject(projectPath);
-        }
-        if (!project)
-            return { e: 'not found' };
-        let session = getDb().getTodaySession(project.id);
-        if (!session) {
-            session = getDb().createSession(project.id, {
-                objectives: args.o || '',
-                notes: ''
-            });
-        }
-        cache.invalidate('ctx');
-        return { i: session.id, d: session.date };
-    },
-    // Update session
-    'POST /su': (args) => {
-        const id = args.i;
-        cache.invalidate('ctx');
-        getDb().updateSession(id, {
-            notes: args.n,
-            summary: args.s,
-            completed: args.c
-        });
-        return { ok: 1 };
-    },
-    // Set context
-    'POST /x': (args) => {
-        const projectPath = args.p;
-        const project = getDb().getProject(projectPath);
-        if (!project)
-            return { e: 'not found' };
-        getDb().setContext(project.id, args.k, args.v);
-        cache.invalidate('ctx');
-        return { ok: 1 };
-    },
-    // Get context
-    'GET /x': (args) => {
-        const projectPath = args.p;
-        const project = getDb().getProject(projectPath);
-        if (!project)
-            return { e: 'not found' };
-        return getDb().getAllContext(project.id);
-    },
-    // Global context
-    'POST /g': (args) => {
-        const k = args.k;
-        const v = args.v;
-        if (!k || typeof k !== 'string')
-            return { e: 'k (key) required' };
-        if (v === undefined || v === null)
-            return { e: 'v (value) required' };
-        getDb().setGlobalContext(k, String(v));
-        cache.invalidate();
-        return { ok: 1 };
-    },
-    'GET /g': () => getDb().getAllGlobalContext(),
-    // Search
-    'GET /s': (args) => {
-        const q = args.q;
-        if (!q)
-            return { e: 'query required' };
-        const sanitized = sanitizeFtsQuery(q);
-        const results = {
-            q: getDb().searchQuests(sanitized).slice(0, 5).map(x => ({ i: x.id, t: x.title })),
-            s: getDb().searchSessions(sanitized).slice(0, 3).map(x => ({ i: x.id, d: x.date })),
-            p: getDb().searchProjects(sanitized).slice(0, 3).map(x => ({ n: x.name, p: x.path }))
-        };
-        return results;
-    },
-    // Data lake - insert
-    'POST /d': (args) => {
-        const projectPath = args.p;
-        const project = getDb().getProject(projectPath);
-        if (!project)
-            return { e: 'not found' };
-        const dp = getDb().insertData(project.id, args.c, args.k, args.v, args.m);
-        return { i: dp.id };
-    },
-    // Data lake - query
-    'GET /d': (args) => {
-        const projectPath = args.p;
-        const project = getDb().getProject(projectPath);
-        if (!project)
-            return { e: 'not found' };
-        const limit = clampLimit(args.l, 20, 100);
-        return getDb().queryData(project.id, args.c, limit).map(d => ({
-            k: d.key,
-            v: truncateToTokens(d.value, 100)
-        }));
-    },
-    // Data lake - server-side aggregation for payload-effectiveness records.
-    // Built for PhantomDragon Fleet Intelligence Phase 2.1 — replaces the
-    // client-side aggregation in `phantom_dragon_ai/intel.py:payload_effectiveness`
-    // which doesn't scale once an org accumulates thousands of records.
-    //
-    // Records are JSON blobs in `data_lake.value` with shape:
-    //   { scanner, payload_hash, stack_key, hit, ts, ... }
-    //
-    // Aggregates into per-(scanner, payload_hash) hit-rate, optionally
-    // filtered by stack_key and/or scanner. Sorted by hit rate descending.
-    // Compact wire format: [{s, ph, sk, h, t, r}] — s=scanner,
-    // ph=payload_hash, sk=stack_key, h=hits, t=total, r=rate.
-    'GET /d/agg': (args) => {
-        const projectPath = args.p;
-        const project = getDb().getProject(projectPath);
-        if (!project)
-            return { e: 'not found' };
-        const category = args.c;
-        if (!category)
-            return { e: 'c (category) required' };
-        const stackKey = args.stack_key;
-        const scannerFilter = args.scanner;
-        // Cap higher than /d because aggregation needs the full corpus to
-        // produce stable rates. Bounded so a malicious request can't OOM us.
-        const limit = clampLimit(args.l, 1000, 10000);
-        const agg = {};
-        for (const row of getDb().queryData(project.id, category, limit)) {
-            let rec;
-            try {
-                rec = JSON.parse(row.value);
-            }
-            catch {
-                continue;
-            }
-            if (stackKey && rec.stack_key !== stackKey)
-                continue;
-            if (scannerFilter && rec.scanner !== scannerFilter)
-                continue;
-            const scanner = String(rec.scanner ?? '');
-            const payloadHash = String(rec.payload_hash ?? '');
-            if (!scanner || !payloadHash)
-                continue;
-            const key = `${scanner}:${payloadHash}`;
-            const entry = agg[key] ?? {
-                s: scanner,
-                ph: payloadHash,
-                sk: String(rec.stack_key ?? ''),
-                h: 0,
-                t: 0,
-            };
-            entry.t += 1;
-            if (rec.hit)
-                entry.h += 1;
-            agg[key] = entry;
-        }
-        return Object.values(agg)
-            .map(e => ({ ...e, r: e.t > 0 ? e.h / e.t : 0 }))
-            .sort((a, b) => b.r - a.r || b.h - a.h);
-    },
-    // Batch operations
-    'POST /batch': (args) => {
-        const ops = args.ops;
-        if (!ops || !Array.isArray(ops))
-            return { e: 'ops required' };
-        if (ops.length > MAX_BATCH_OPS)
-            return { e: `max ${MAX_BATCH_OPS} ops per batch` };
-        const start = performance.now();
-        const results = ops.map(op => {
-            const key = `${op.m} ${op.r}`;
-            const handler = routes[key];
-            if (!handler)
-                return { e: 'unknown' };
-            try {
-                return { d: handler(op.a || {}) };
-            }
-            catch {
-                return { e: 'op failed' };
-            }
-        });
-        return { r: results, ms: Math.round(performance.now() - start) };
-    },
-    // ==================== v7 F2 (T012) — daemon-as-writer ====================
-    // The single internal write endpoint for WYRM_DAEMON_WRITES=1 clients
-    // (src/daemon-writer.ts). CLOSED op allowlist + boundary validation live in
-    // daemon-write-endpoint.ts (unit-tested without booting this server, the
-    // readonly-gate.ts pattern). Security posture (Article VII): behind
-    // authMiddleware like every route (Bearer token required when auth is on),
-    // POST → auto-blocked by the read-only gate, loopback bind by default, and
-    // the Wyrm-Actor envelope is already live around this handler so daemon-side
-    // writes stamp the CALLER's agent_id/run_id.
-    // Wire contract by commit proof: a deterministic SQLITE_CONSTRAINT rollback
-    // returns the rejected {e} shape (the client fails direct and surfaces the
-    // real error); SQLITE_BUSY propagates to the dispatcher catch below → the
-    // structured 503 (proven no-commit); any OTHER throw stays a generic 500,
-    // which the client must treat as commit-state-UNKNOWN — never widen 5xx
-    // mapping here without proving rollback.
-    'POST /write': (args) => handleDaemonWrite({ db: getDb(), artifacts: getArtifacts(), truths: getTruths(), failures: getFailures() }, args),
-    // ==================== v4.0.0 — LSP-facing helpers ====================
-    // These power the wyrm-lsp Language Server. Keep responses compact.
-    // GET /syms?q=<symbol>&limit=N  — workspace-wide symbol lookup
-    'GET /syms': (args) => {
-        const q = String(args.q ?? '').slice(0, 200);
-        if (!q)
-            return [];
-        const limit = clampLimit(args.limit, 20, 200);
-        const dbRaw = getDb().getDatabase();
-        try {
-            return dbRaw.prepare(`
+import Q from"http";import{WyrmDB as F}from"./database.js";import{cache as E,estimateTokens as X,truncateToTokens as K,timed as H}from"./performance.js";import{authMiddleware as z,getAuthStatus as D,getSecurityHeaders as L}from"./http-auth.js";import{WyrmLogger as V}from"./logger.js";import{sanitizeFtsQuery as W,validateProjectPath as Z}from"./security.js";import{readFileSync as R,existsSync as y,readdirSync as tt,realpathSync as G}from"fs";import{homedir as et}from"os";import{dirname as U,join as _}from"path";import{fileURLToPath as rt}from"url";const x=_(U(rt(import.meta.url)),"..","ui","dragon-mark.svg");let v=null;import{getUIDashboardHTML as nt}from"./ui-dashboard.js";import{verifyLicense as B}from"./license.js";import{MemoryArtifacts as st}from"./memory-artifacts.js";import{GroundTruths as ot,computeStaleness as at}from"./intelligence.js";import{FailurePatterns as ct}from"./failure-patterns.js";import{handleDaemonWrite as it}from"./daemon-write-endpoint.js";import{retryableWriteCause as ut,busyErrorBody as lt}from"./sqlite-busy.js";import{sseFrame as dt,resolveStartCursor as Y,SSE_KEEPALIVE as mt}from"./events-sse.js";import{readonlyBlocks as pt}from"./readonly-gate.js";import{resolveActorEnvelope as ft,runWithActor as Et}from"./handlers/boundary.js";const C=parseInt(process.env.WYRM_PORT||"3333")||3333,T=process.env.WYRM_UI_READONLY==="1",ht=512*1024,b=500,St=parseInt(process.env.WYRM_MAX_SSE_STREAMS||"64",10)||64,_t=parseInt(process.env.WYRM_MAX_SSE_PER_IP||"8",10)||8;let N=0;const O=new Map;let g=null,j=null,M=null,I=null;function o(){return g||(g=new F(process.env.WYRM_DB_PATH)),g}function yt(){return j||(j=new st(o().getDatabase())),j}function Tt(){return M||(M=new ot(o().getDatabase())),M}function Ot(){return I||(I=new ct(o().getDatabase())),I}function gt(t){const e=g;g=t,j=null,M=null,I=null;try{e?.close()}catch{}}function $(){const t=[],e=et(),r=new Set;let n=[];try{n=tt(e)}catch{return t}n.sort((s,a)=>a.localeCompare(s));for(const s of n){if(s!==".wyrm"&&!s.startsWith(".wyrm-"))continue;let a;try{a=G(_(e,s))}catch{continue}if(r.has(a))continue;const u=_(a,"wyrm.db");if(!y(u))continue;r.add(a);let c="Local",i="free";try{const m=_(a,"license.json");if(y(m)){const d=JSON.parse(R(m,"utf-8")),p=B(d);c=d.license&&d.license.issued_to||c,i=p.valid?p.tier:"free"}else{const d=_(a,"cloud.json");y(d)&&(c=JSON.parse(R(d,"utf-8")).email||c)}}catch{}const l=s.replace(/^\.wyrm-?/,"")||"default";t.push({name:l,dbPath:u,account:c,tier:i})}return t}const A=new V({level:"info"});function S(t,e,r){const n=Number.parseInt(String(t??""),10);return!Number.isFinite(n)||n<1?e:Math.min(n,r)}function P(t){const e=t==null?"":String(t);if(e)return o().getProject(e)||o().getProjectByName(e)}function h(t,e,r,n=200){const s=JSON.stringify(r),a=L(e);t.writeHead(n,{"Content-Type":"application/json","Content-Length":Buffer.byteLength(s),"X-Tokens":String(X(r)),...a}),t.end(s)}function Rt(t,e,r){const n=L(e);t.writeHead(200,{...n,"Content-Type":"text/html; charset=utf-8","Content-Length":Buffer.byteLength(r),"Cache-Control":"no-store"}),t.end(r)}function vt(t){return new Promise((e,r)=>{if(t.method==="GET"){e({});return}let n="",s=0;t.on("data",a=>{if(s+=a.length,s>ht){t.destroy(),r(new Error("Request body too large"));return}n+=a}),t.on("end",()=>{try{e(n?JSON.parse(n):{})}catch{r(new Error("Invalid JSON"))}}),t.on("error",r)})}const J={"GET /c":t=>{const e=`ctx:${t.p||"global"}`,r=E.get(e);if(r)return r;const n=t.p;let s;if(n){const a=o().getProject(n);if(!a)return{e:"not found"};const u=o().getPendingQuests(a.id),c=o().getRecentSessions(a.id,3);s={n:a.name,s:a.stack,q:u.length,qt:u.slice(0,5).map(i=>i.title),r:c[0]?.summary||c[0]?.notes?.slice(0,200)||null}}else{const a=o().getAllProjects(20),u=o().getAllPendingQuests();s={p:a.map(c=>({n:c.name,s:c.stack,q:o().getPendingQuests(c.id).length})),tq:u.length}}return E.set(e,s),s},"GET /p":()=>{const t=E.get("projects");if(t)return t;const r=o().getAllProjects(50).map(n=>({i:n.id,n:n.name,p:n.path,s:n.stack}));return E.set("projects",r),r},"POST /scan":t=>{const e=t.d||t.directory||process.env.HOME+"/Git Projects",r=Z(e);return r?(E.invalidate(),{found:o().scanForProjects(r,!0).length}):{e:"path not allowed"}},"GET /q":t=>{const e=t.p;if(e){const r=o().getProject(e);return r?o().getPendingQuests(r.id).map(n=>({i:n.id,t:n.title,p:n.priority[0]})):{e:"not found"}}return o().getAllPendingQuests().slice(0,20).map(r=>({i:r.id,t:r.title,p:r.priority[0]}))},"POST /q":t=>{const e=t.p,r=o().getProject(e);return r?(E.invalidate("ctx"),{i:o().addQuest(r.id,t.t,t.d,t.pr||"medium").id}):{e:"not found"}},"POST /qc":t=>{const e=typeof t.i=="number"?t.i:parseInt(String(t.i),10);return!e||e<1?{e:"id required"}:(E.invalidate("ctx"),o().updateQuest(e,"completed"),{ok:1})},"POST /s":t=>{const e=t.p;let r=o().getProject(e);if(r||(o().scanForProjects(e,!1),r=o().getProject(e)),!r)return{e:"not found"};let n=o().getTodaySession(r.id);return n||(n=o().createSession(r.id,{objectives:t.o||"",notes:""})),E.invalidate("ctx"),{i:n.id,d:n.date}},"POST /su":t=>{const e=t.i;return E.invalidate("ctx"),o().updateSession(e,{notes:t.n,summary:t.s,completed:t.c}),{ok:1}},"POST /x":t=>{const e=t.p,r=o().getProject(e);return r?(o().setContext(r.id,t.k,t.v),E.invalidate("ctx"),{ok:1}):{e:"not found"}},"GET /x":t=>{const e=t.p,r=o().getProject(e);return r?o().getAllContext(r.id):{e:"not found"}},"POST /g":t=>{const e=t.k,r=t.v;return!e||typeof e!="string"?{e:"k (key) required"}:r==null?{e:"v (value) required"}:(o().setGlobalContext(e,String(r)),E.invalidate(),{ok:1})},"GET /g":()=>o().getAllGlobalContext(),"GET /s":t=>{const e=t.q;if(!e)return{e:"query required"};const r=W(e);return{q:o().searchQuests(r).slice(0,5).map(s=>({i:s.id,t:s.title})),s:o().searchSessions(r).slice(0,3).map(s=>({i:s.id,d:s.date})),p:o().searchProjects(r).slice(0,3).map(s=>({n:s.name,p:s.path}))}},"POST /d":t=>{const e=t.p,r=o().getProject(e);return r?{i:o().insertData(r.id,t.c,t.k,t.v,t.m).id}:{e:"not found"}},"GET /d":t=>{const e=t.p,r=o().getProject(e);if(!r)return{e:"not found"};const n=S(t.l,20,100);return o().queryData(r.id,t.c,n).map(s=>({k:s.key,v:K(s.value,100)}))},"GET /d/agg":t=>{const e=t.p,r=o().getProject(e);if(!r)return{e:"not found"};const n=t.c;if(!n)return{e:"c (category) required"};const s=t.stack_key,a=t.scanner,u=S(t.l,1e3,1e4),c={};for(const i of o().queryData(r.id,n,u)){let l;try{l=JSON.parse(i.value)}catch{continue}if(s&&l.stack_key!==s||a&&l.scanner!==a)continue;const m=String(l.scanner??""),d=String(l.payload_hash??"");if(!m||!d)continue;const p=`${m}:${d}`,f=c[p]??{s:m,ph:d,sk:String(l.stack_key??""),h:0,t:0};f.t+=1,l.hit&&(f.h+=1),c[p]=f}return Object.values(c).map(i=>({...i,r:i.t>0?i.h/i.t:0})).sort((i,l)=>l.r-i.r||l.h-i.h)},"POST /batch":t=>{const e=t.ops;if(!e||!Array.isArray(e))return{e:"ops required"};if(e.length>b)return{e:`max ${b} ops per batch`};const r=performance.now();return{r:e.map(s=>{const a=`${s.m} ${s.r}`,u=J[a];if(!u)return{e:"unknown"};try{return{d:u(s.a||{})}}catch{return{e:"op failed"}}}),ms:Math.round(performance.now()-r)}},"POST /write":t=>it({db:o(),artifacts:yt(),truths:Tt(),failures:Ot()},t),"GET /syms":t=>{const e=String(t.q??"").slice(0,200);if(!e)return[];const r=S(t.limit,20,200),n=o().getDatabase();try{return n.prepare(`
         SELECT symbol, kind, language, file_path, line, signature, project_id
         FROM symbol_index
         WHERE symbol LIKE ?
         ORDER BY project_id, file_path, line
         LIMIT ?
-      `).all(`%${q}%`, limit);
-        }
-        catch {
-            return [];
-        }
-    },
-    // GET /failures?target=<file-or-symbol>&limit=N  — unresolved failures
-    'GET /failures': (args) => {
-        const target = String(args.target ?? '').slice(0, 200);
-        const limit = clampLimit(args.limit, 10, 100);
-        const dbRaw = getDb().getDatabase();
-        try {
-            // Match by exact target or LIKE substring (LSP hover passes a symbol;
-            // diagnostics pass a file path — both work).
-            return dbRaw.prepare(`
+      `).all(`%${e}%`,r)}catch{return[]}},"GET /failures":t=>{const e=String(t.target??"").slice(0,200),r=S(t.limit,10,100),n=o().getDatabase();try{return n.prepare(`
         SELECT id, scope, target, description, why_failed, occurrences,
                severity, last_seen
         FROM failure_patterns
         WHERE resolved = 0 AND (target = ? OR target LIKE ?)
         ORDER BY occurrences DESC, last_seen DESC
         LIMIT ?
-      `).all(target, `%${target}%`, limit);
-        }
-        catch {
-            return [];
-        }
-    },
-    // GET /truths?q=<query>&limit=N  — FTS or LIKE over ground truths
-    'GET /truths': (args) => {
-        const q = String(args.q ?? '').slice(0, 200);
-        const limit = clampLimit(args.limit, 5, 50);
-        if (!q)
-            return [];
-        const dbRaw = getDb().getDatabase();
-        try {
-            // Conservative LIKE — keep predictable for LSP hover latency.
-            return dbRaw.prepare(`
+      `).all(e,`%${e}%`,r)}catch{return[]}},"GET /truths":t=>{const e=String(t.q??"").slice(0,200),r=S(t.limit,5,50);if(!e)return[];const n=o().getDatabase();try{return n.prepare(`
         SELECT category, key, value, rationale, confidence, ttl_days
         FROM ground_truths
         WHERE is_current = 1
           AND (key LIKE ? OR value LIKE ? OR rationale LIKE ?)
         ORDER BY confidence DESC
         LIMIT ?
-      `).all(`%${q}%`, `%${q}%`, `%${q}%`, limit);
-        }
-        catch {
-            return [];
-        }
-    },
-    // GET /audit?limit=N[&kind=...]  — recent audit entries
-    'GET /audit': (args) => {
-        const limit = clampLimit(args.limit, 50, 500);
-        const kind = args.kind;
-        const dbRaw = getDb().getDatabase();
-        try {
-            if (kind) {
-                return dbRaw.prepare('SELECT * FROM audit_log WHERE event_kind = ? ORDER BY id DESC LIMIT ?').all(kind, limit);
-            }
-            return dbRaw.prepare('SELECT * FROM audit_log ORDER BY id DESC LIMIT ?').all(limit);
-        }
-        catch {
-            return [];
-        }
-    },
-    // GET /sync/push?since=<iso>&limit=N — collect shared rows for push
-    'GET /sync/push': (args) => {
-        const since = args.since;
-        const limit = clampLimit(args.limit, 500, 5000);
-        const dbRaw = getDb().getDatabase();
-        const out = [];
-        const cursor = since ?? '1970-01-01';
-        const tables = [
-            ['session', 'sessions', 'created_at'],
-            ['quest', 'quests', 'created_at'],
-            ['truth', 'ground_truths', 'updated_at'],
-            ['artifact', 'memory_artifacts', 'last_accessed_at'],
-            ['edge', 'decision_edges', 'created_at'],
-        ];
-        // [grove isolation] This route is the team-Wyrm pull surface; it must honour
-        // the same grove gate as Federation.collectForPush, or a private grove leaks
-        // here even though the TS push path blocks it. Only a 'team' grove federates.
-        const groveGate = (() => {
-            try {
-                const has = dbRaw.prepare(`PRAGMA table_info(projects)`).all()
-                    .some((c) => c.name === 'sync_policy');
-                return has
-                    ? `AND (project_id IS NULL OR project_id IN (SELECT id FROM projects WHERE sync_policy = 'team'))`
-                    : ``;
-            }
-            catch {
-                return ``;
-            }
-        })();
-        for (const [kind, table, tsCol] of tables) {
-            if (out.length >= limit)
-                break;
-            try {
-                const rows = dbRaw.prepare(`SELECT * FROM ${table}
-           WHERE is_shared = 1 ${groveGate} AND ${tsCol} > ?
-           ORDER BY ${tsCol} ASC
-           LIMIT ?`).all(cursor, Math.max(1, limit - out.length));
-                for (const r of rows) {
-                    out.push({
-                        kind, id: r.id, project_id: r.project_id ?? null,
-                        updated_at: r[tsCol] ?? null,
-                        payload: r,
-                    });
-                }
-            }
-            catch { /* table may not have is_shared on pre-v4 DBs */ }
-        }
-        return { rows: out, count: out.length, cursor: new Date().toISOString() };
-    },
-    // ── Live Memory (v6.4) — event stream JSON pull ───────────────────────────
-    // The SSE counterpart `GET /events/stream` is special-cased in the server
-    // handler (long-lived response, can't fit this synchronous route table).
-    // `?project=` accepts a path or name; `?since=` is a cursor; `?limit=` 1-1000.
-    'GET /events': (args) => {
-        if (!getDb().liveMemoryEnabled())
-            return { e: 'live memory disabled', disabled: 1 };
-        const project = resolveProjectRef(args.project ?? args.p);
-        if (!project)
-            return { e: 'not found' };
-        const since = resolveStartCursor(undefined, args.since);
-        const limit = clampLimit(args.limit ?? args.l, 100, 1000);
-        // `shared=1` gates the read to is_shared events only — what a REMOTE device
-        // is allowed to pull (private events never leave the box). Omit for the
-        // same-device local UI/watcher, which may see everything.
-        const sharedOnly = args.shared === '1' || args.shared === 'true';
-        const events = sharedOnly
-            ? getDb().eventsForPush(project.id, since, limit)
-            : getDb().eventsSince(project.id, since, limit);
-        const cursor = events.length ? events[events.length - 1].cursor : since;
-        return { project: project.name, cursor, count: events.length, events };
-    },
-    // Live Memory replication INGEST (Phase 3). A peer POSTs its shared events
-    // here; we INSERT-OR-IGNORE (dedup on origin identity) and echo-suppress our
-    // own device. Bearer-gated by the existing HTTP auth. Body:
-    //   { project: <path|name>, events: RemoteEvent[] }  (or a single `event`).
-    'POST /events': (args) => {
-        if (!getDb().liveMemoryEnabled())
-            return { e: 'live memory disabled', disabled: 1 };
-        const project = resolveProjectRef(args.project ?? args.p);
-        if (!project)
-            return { e: 'not found' };
-        const incoming = (Array.isArray(args.events) ? args.events
-            : (args.event ? [args.event] : []));
-        if (incoming.length === 0)
-            return { e: 'events[] required' };
-        if (incoming.length > MAX_BATCH_OPS)
-            return { e: `max ${MAX_BATCH_OPS} events per request` };
-        let inserted = 0, duplicate = 0, echo = 0;
-        for (const ev of incoming) {
-            const r = getDb().ingestRemoteEvent(project.id, ev);
-            if (r === 'inserted')
-                inserted++;
-            else if (r === 'echo')
-                echo++;
-            else
-                duplicate++;
-        }
-        if (inserted > 0)
-            cache.invalidate('ctx');
-        return { project: project.name, inserted, duplicate, echo };
-    },
-    // Stats
-    'GET /stats': () => {
-        const { result, ms } = timed(() => getDb().getStats());
-        return { ...result, ms, cache: cache.stats() };
-    },
-    // Health check (unauthenticated)
-    'GET /health': () => ({ ok: 1, ts: Date.now() }),
-    // Auth status
-    'GET /auth/status': () => {
-        const status = getAuthStatus();
-        return {
-            auth: status.requireAuth ? 1 : 0,
-            origins: status.allowedOrigins.length
-        };
-    },
-    // ── UI Dashboard API ──────────────────────────────────────────────────────
-    // Aggregate stats for the Overview tab
-    'GET /ui/stats': () => {
-        const rawDb = getDb().getDatabase();
-        const projects = rawDb.prepare('SELECT COUNT(*) as c FROM projects').get().c;
-        const sessions = rawDb.prepare('SELECT COUNT(*) as c FROM sessions').get().c;
-        const activeQ = rawDb.prepare("SELECT COUNT(*) as c FROM quests WHERE status IN ('pending','in_progress')").get().c;
-        const dataPoints = rawDb.prepare('SELECT COUNT(*) as c FROM data_lake').get().c;
-        const arts = rawDb.prepare('SELECT COUNT(*) as c FROM memory_artifacts WHERE needs_review = 0').get().c;
-        const reviewQ = rawDb.prepare('SELECT COUNT(*) as c FROM memory_artifacts WHERE needs_review = 1').get().c;
-        const groundT = rawDb.prepare('SELECT COUNT(*) as c FROM ground_truths WHERE is_current = 1').get().c;
-        const recentSess = rawDb.prepare(`
+      `).all(`%${e}%`,`%${e}%`,`%${e}%`,r)}catch{return[]}},"GET /audit":t=>{const e=S(t.limit,50,500),r=t.kind,n=o().getDatabase();try{return r?n.prepare("SELECT * FROM audit_log WHERE event_kind = ? ORDER BY id DESC LIMIT ?").all(r,e):n.prepare("SELECT * FROM audit_log ORDER BY id DESC LIMIT ?").all(e)}catch{return[]}},"GET /sync/push":t=>{const e=t.since,r=S(t.limit,500,5e3),n=o().getDatabase(),s=[],a=e??"1970-01-01",u=[["session","sessions","created_at"],["quest","quests","created_at"],["truth","ground_truths","updated_at"],["artifact","memory_artifacts","last_accessed_at"],["edge","decision_edges","created_at"]],c=(()=>{try{return n.prepare("PRAGMA table_info(projects)").all().some(l=>l.name==="sync_policy")?"AND (project_id IS NULL OR project_id IN (SELECT id FROM projects WHERE sync_policy = 'team'))":""}catch{return""}})();for(const[i,l,m]of u){if(s.length>=r)break;try{const d=n.prepare(`SELECT * FROM ${l}
+           WHERE is_shared = 1 ${c} AND ${m} > ?
+           ORDER BY ${m} ASC
+           LIMIT ?`).all(a,Math.max(1,r-s.length));for(const p of d)s.push({kind:i,id:p.id,project_id:p.project_id??null,updated_at:p[m]??null,payload:p})}catch{}}return{rows:s,count:s.length,cursor:new Date().toISOString()}},"GET /events":t=>{if(!o().liveMemoryEnabled())return{e:"live memory disabled",disabled:1};const e=P(t.project??t.p);if(!e)return{e:"not found"};const r=Y(void 0,t.since),n=S(t.limit??t.l,100,1e3),a=t.shared==="1"||t.shared==="true"?o().eventsForPush(e.id,r,n):o().eventsSince(e.id,r,n),u=a.length?a[a.length-1].cursor:r;return{project:e.name,cursor:u,count:a.length,events:a}},"POST /events":t=>{if(!o().liveMemoryEnabled())return{e:"live memory disabled",disabled:1};const e=P(t.project??t.p);if(!e)return{e:"not found"};const r=Array.isArray(t.events)?t.events:t.event?[t.event]:[];if(r.length===0)return{e:"events[] required"};if(r.length>b)return{e:`max ${b} events per request`};let n=0,s=0,a=0;for(const u of r){const c=o().ingestRemoteEvent(e.id,u);c==="inserted"?n++:c==="echo"?a++:s++}return n>0&&E.invalidate("ctx"),{project:e.name,inserted:n,duplicate:s,echo:a}},"GET /stats":()=>{const{result:t,ms:e}=H(()=>o().getStats());return{...t,ms:e,cache:E.stats()}},"GET /health":()=>({ok:1,ts:Date.now()}),"GET /auth/status":()=>{const t=D();return{auth:t.requireAuth?1:0,origins:t.allowedOrigins.length}},"GET /ui/stats":()=>{const t=o().getDatabase(),e=t.prepare("SELECT COUNT(*) as c FROM projects").get().c,r=t.prepare("SELECT COUNT(*) as c FROM sessions").get().c,n=t.prepare("SELECT COUNT(*) as c FROM quests WHERE status IN ('pending','in_progress')").get().c,s=t.prepare("SELECT COUNT(*) as c FROM data_lake").get().c,a=t.prepare("SELECT COUNT(*) as c FROM memory_artifacts WHERE needs_review = 0").get().c,u=t.prepare("SELECT COUNT(*) as c FROM memory_artifacts WHERE needs_review = 1").get().c,c=t.prepare("SELECT COUNT(*) as c FROM ground_truths WHERE is_current = 1").get().c,i=t.prepare(`
       SELECT date, summary, objectives FROM sessions
       ORDER BY created_at DESC LIMIT 8
-    `).all();
-        return {
-            projects, sessions, active_quests: activeQ, data_points: dataPoints,
-            artifacts: arts, review_queue: reviewQ, truths: groundT,
-            recent_sessions: recentSess
-        };
-    },
-    // Paginated memory artifacts list with optional kind/search filters
-    'GET /ui/memories': (args) => {
-        const rawDb = getDb().getDatabase();
-        const page = Math.max(1, parseInt(String(args.page || '1'), 10));
-        const limit = Math.min(100, Math.max(1, parseInt(String(args.limit || '20'), 10)));
-        const kind = args.kind ? String(args.kind) : '';
-        const search = args.search ? String(args.search) : '';
-        const offset = (page - 1) * limit;
-        let query;
-        let countQuery;
-        let params;
-        let countParams;
-        if (search) {
-            const sanitized = sanitizeFtsQuery(search);
-            if (kind) {
-                query = `
+    `).all();return{projects:e,sessions:r,active_quests:n,data_points:s,artifacts:a,review_queue:u,truths:c,recent_sessions:i}},"GET /ui/memories":t=>{const e=o().getDatabase(),r=Math.max(1,parseInt(String(t.page||"1"),10)),n=Math.min(100,Math.max(1,parseInt(String(t.limit||"20"),10))),s=t.kind?String(t.kind):"",a=t.search?String(t.search):"",u=(r-1)*n;let c,i,l,m;if(a){const f=W(a);s?(c=`
           SELECT ma.*, p.name AS project_name
           FROM memory_artifacts ma
           JOIN memory_artifacts_fts fts ON fts.rowid = ma.id
           LEFT JOIN projects p ON ma.project_id = p.id
           WHERE memory_artifacts_fts MATCH ? AND ma.kind = ?
             AND ma.supersedes_id IS NULL
-          ORDER BY ma.confidence DESC LIMIT ? OFFSET ?`;
-                countQuery = `
+          ORDER BY ma.confidence DESC LIMIT ? OFFSET ?`,i=`
           SELECT COUNT(*) as c FROM memory_artifacts ma
           JOIN memory_artifacts_fts fts ON fts.rowid = ma.id
           WHERE memory_artifacts_fts MATCH ? AND ma.kind = ?
-            AND ma.supersedes_id IS NULL`;
-                params = [sanitized, kind, limit, offset];
-                countParams = [sanitized, kind];
-            }
-            else {
-                query = `
+            AND ma.supersedes_id IS NULL`,l=[f,s,n,u],m=[f,s]):(c=`
           SELECT ma.*, p.name AS project_name
           FROM memory_artifacts ma
           JOIN memory_artifacts_fts fts ON fts.rowid = ma.id
           LEFT JOIN projects p ON ma.project_id = p.id
           WHERE memory_artifacts_fts MATCH ? AND ma.supersedes_id IS NULL
-          ORDER BY ma.confidence DESC LIMIT ? OFFSET ?`;
-                countQuery = `
+          ORDER BY ma.confidence DESC LIMIT ? OFFSET ?`,i=`
           SELECT COUNT(*) as c FROM memory_artifacts ma
           JOIN memory_artifacts_fts fts ON fts.rowid = ma.id
-          WHERE memory_artifacts_fts MATCH ? AND ma.supersedes_id IS NULL`;
-                params = [sanitized, limit, offset];
-                countParams = [sanitized];
-            }
-        }
-        else if (kind) {
-            query = `
+          WHERE memory_artifacts_fts MATCH ? AND ma.supersedes_id IS NULL`,l=[f,n,u],m=[f])}else s?(c=`
         SELECT ma.*, p.name AS project_name
         FROM memory_artifacts ma
         LEFT JOIN projects p ON ma.project_id = p.id
         WHERE ma.kind = ? AND ma.supersedes_id IS NULL
-        ORDER BY ma.confidence DESC LIMIT ? OFFSET ?`;
-            countQuery = `SELECT COUNT(*) as c FROM memory_artifacts WHERE kind = ? AND supersedes_id IS NULL`;
-            params = [kind, limit, offset];
-            countParams = [kind];
-        }
-        else {
-            query = `
+        ORDER BY ma.confidence DESC LIMIT ? OFFSET ?`,i="SELECT COUNT(*) as c FROM memory_artifacts WHERE kind = ? AND supersedes_id IS NULL",l=[s,n,u],m=[s]):(c=`
         SELECT ma.*, p.name AS project_name
         FROM memory_artifacts ma
         LEFT JOIN projects p ON ma.project_id = p.id
         WHERE ma.supersedes_id IS NULL
-        ORDER BY ma.confidence DESC LIMIT ? OFFSET ?`;
-            countQuery = `SELECT COUNT(*) as c FROM memory_artifacts WHERE supersedes_id IS NULL`;
-            params = [limit, offset];
-            countParams = [];
-        }
-        const items = rawDb.prepare(query).all(...params);
-        const total = rawDb.prepare(countQuery).get(...countParams).c;
-        return { items, total, page, limit };
-    },
-    // Quests grouped by status (kanban data)
-    'GET /ui/quests': () => {
-        const rawDb = getDb().getDatabase();
-        const rows = rawDb.prepare(`
+        ORDER BY ma.confidence DESC LIMIT ? OFFSET ?`,i="SELECT COUNT(*) as c FROM memory_artifacts WHERE supersedes_id IS NULL",l=[n,u],m=[]);const d=e.prepare(c).all(...l),p=e.prepare(i).get(...m).c;return{items:d,total:p,page:r,limit:n}},"GET /ui/quests":()=>{const e=o().getDatabase().prepare(`
       SELECT q.id, q.title, q.status, q.priority, p.name AS project_name
       FROM quests q
       LEFT JOIN projects p ON q.project_id = p.id
       ORDER BY q.created_at DESC
-    `).all();
-        const grouped = { pending: [], in_progress: [], completed: [], abandoned: [] };
-        for (const row of rows) {
-            if (grouped[row.status])
-                grouped[row.status].push(row);
-        }
-        return grouped;
-    },
-    // Paginated ground truths with staleness scores
-    'GET /ui/truths': (args) => {
-        const rawDb = getDb().getDatabase();
-        const page = Math.max(1, parseInt(String(args.page || '1'), 10));
-        const limit = Math.min(100, Math.max(1, parseInt(String(args.limit || '20'), 10)));
-        const offset = (page - 1) * limit;
-        const rows = rawDb.prepare(`
+    `).all(),r={pending:[],in_progress:[],completed:[],abandoned:[]};for(const n of e)r[n.status]&&r[n.status].push(n);return r},"GET /ui/truths":t=>{const e=o().getDatabase(),r=Math.max(1,parseInt(String(t.page||"1"),10)),n=Math.min(100,Math.max(1,parseInt(String(t.limit||"20"),10))),s=(r-1)*n,a=e.prepare(`
       SELECT gt.*, p.name AS project_name
       FROM ground_truths gt
       LEFT JOIN projects p ON gt.project_id = p.id
       WHERE gt.is_current = 1
       ORDER BY gt.updated_at DESC LIMIT ? OFFSET ?
-    `).all(limit, offset);
-        const total = rawDb.prepare('SELECT COUNT(*) as c FROM ground_truths WHERE is_current = 1').get().c;
-        const items = rows.map(row => ({ ...row, staleness: computeStaleness(row) }));
-        return { items, total, page, limit };
-    },
-    // Memory artifacts flagged for review
-    'GET /ui/review': () => {
-        const rawDb = getDb().getDatabase();
-        const items = rawDb.prepare(`
+    `).all(n,s),u=e.prepare("SELECT COUNT(*) as c FROM ground_truths WHERE is_current = 1").get().c;return{items:a.map(i=>({...i,staleness:at(i)})),total:u,page:r,limit:n}},"GET /ui/review":()=>({items:o().getDatabase().prepare(`
       SELECT ma.*, p.name AS project_name
       FROM memory_artifacts ma
       LEFT JOIN projects p ON ma.project_id = p.id
       WHERE ma.needs_review = 1
       ORDER BY ma.created_at DESC
-    `).all();
-        return { items };
-    },
-    // Active account + license tier (the dashboard identity badge). Reads the
-    // license from the SAME home dir as the active DB so the badge always matches
-    // the data on screen, even when an operator runs multiple Wyrm homes.
-    'GET /ui/account': () => {
-        const home = _assetDir(getDb().getDatabasePath());
-        try {
-            const licPath = _assetJoin(home, 'license.json');
-            if (_assetExists(licPath)) {
-                const signed = JSON.parse(_readAsset(licPath, 'utf-8'));
-                const v = verifyLicense(signed);
-                return {
-                    account: (signed.license && signed.license.issued_to) || 'unknown',
-                    tier: v.valid ? v.tier : 'free',
-                    valid: !!v.valid,
-                    expires: v.expiresAt || null,
-                    readonly: READONLY,
-                };
-            }
-        }
-        catch { /* fall through to the free/cloud fallback */ }
-        try {
-            const cloudPath = _assetJoin(home, 'cloud.json');
-            if (_assetExists(cloudPath)) {
-                const c = JSON.parse(_readAsset(cloudPath, 'utf-8'));
-                return { account: c.email || 'Local', tier: 'free', valid: false, expires: null, readonly: READONLY };
-            }
-        }
-        catch { /* ignore */ }
-        return { account: 'Local', tier: 'free', valid: false, expires: null, readonly: READONLY };
-    },
-    // Value/Impact metrics: what Wyrm has actually done (for the Impact tab).
-    'GET /ui/impact': () => {
-        const rawDb = getDb().getDatabase();
-        const n = (sql) => { try {
-            return (rawDb.prepare(sql).get()?.n) || 0;
-        }
-        catch {
-            return 0;
-        } };
-        return {
-            failures_blocked: n('SELECT COALESCE(SUM(occurrences),0) AS n FROM failure_patterns'),
-            tokens_saved: n('SELECT COALESCE(SUM(estimated_tokens),0) AS n FROM token_savings_log'),
-            memories: n('SELECT COUNT(*) AS n FROM memory_artifacts WHERE supersedes_id IS NULL'),
-            memories_week: n("SELECT COUNT(*) AS n FROM memory_artifacts WHERE created_at >= datetime('now','-7 days')"),
-            truths: n('SELECT COUNT(*) AS n FROM ground_truths WHERE is_current = 1'),
-            sessions: n('SELECT COUNT(*) AS n FROM sessions'),
-            quests_completed: n("SELECT COUNT(*) AS n FROM quests WHERE status = 'completed'"),
-            skills: n('SELECT COUNT(*) AS n FROM skills'),
-            projects: n('SELECT COUNT(*) AS n FROM projects'),
-        };
-    },
-    // Full detail for one memory artifact (the click-through modal).
-    'GET /ui/memory': (args) => {
-        const rawDb = getDb().getDatabase();
-        const id = parseInt(String((args && args.id) || '0'), 10);
-        if (!id)
-            return { item: null };
-        try {
-            const item = rawDb.prepare(`SELECT ma.*, p.name AS project_name
+    `).all()}),"GET /ui/account":()=>{const t=U(o().getDatabasePath());try{const e=_(t,"license.json");if(y(e)){const r=JSON.parse(R(e,"utf-8")),n=B(r);return{account:r.license&&r.license.issued_to||"unknown",tier:n.valid?n.tier:"free",valid:!!n.valid,expires:n.expiresAt||null,readonly:T}}}catch{}try{const e=_(t,"cloud.json");if(y(e))return{account:JSON.parse(R(e,"utf-8")).email||"Local",tier:"free",valid:!1,expires:null,readonly:T}}catch{}return{account:"Local",tier:"free",valid:!1,expires:null,readonly:T}},"GET /ui/impact":()=>{const t=o().getDatabase(),e=r=>{try{return t.prepare(r).get()?.n||0}catch{return 0}};return{failures_blocked:e("SELECT COALESCE(SUM(occurrences),0) AS n FROM failure_patterns"),tokens_saved:e("SELECT COALESCE(SUM(estimated_tokens),0) AS n FROM token_savings_log"),memories:e("SELECT COUNT(*) AS n FROM memory_artifacts WHERE supersedes_id IS NULL"),memories_week:e("SELECT COUNT(*) AS n FROM memory_artifacts WHERE created_at >= datetime('now','-7 days')"),truths:e("SELECT COUNT(*) AS n FROM ground_truths WHERE is_current = 1"),sessions:e("SELECT COUNT(*) AS n FROM sessions"),quests_completed:e("SELECT COUNT(*) AS n FROM quests WHERE status = 'completed'"),skills:e("SELECT COUNT(*) AS n FROM skills"),projects:e("SELECT COUNT(*) AS n FROM projects")}},"GET /ui/memory":t=>{const e=o().getDatabase(),r=parseInt(String(t&&t.id||"0"),10);if(!r)return{item:null};try{return{item:e.prepare(`SELECT ma.*, p.name AS project_name
          FROM memory_artifacts ma LEFT JOIN projects p ON ma.project_id = p.id
-         WHERE ma.id = ?`).get(id);
-            return { item: item || null };
-        }
-        catch {
-            return { item: null };
-        }
-    },
-    // Registered skills, for the Skills tab (grouped client-side by category).
-    'GET /ui/skills': () => {
-        const rawDb = getDb().getDatabase();
-        try {
-            const items = rawDb.prepare(`SELECT name, description, category, tier, usage_count, is_active
-         FROM skills ORDER BY category COLLATE NOCASE, name COLLATE NOCASE`).all();
-            return { items, total: items.length };
-        }
-        catch {
-            return { items: [], total: 0 }; // skills table may not exist on an old DB
-        }
-    },
-    // List the Wyrm homes/accounts on this machine (the switcher dropdown).
-    'GET /ui/homes': () => {
-        const homes = discoverHomes();
-        let active = getDb().getDatabasePath();
-        try {
-            active = _realpath(active);
-        }
-        catch { /* keep as-is */ }
-        return { homes: homes.map(h => ({ ...h, active: h.dbPath === active })) };
-    },
-    // Switch the dashboard to another home (re-points the server's DB connection).
-    // Only homes returned by discoverHomes() are accepted, so no arbitrary path.
-    'POST /ui/switch': (args) => {
-        const target = String((args && args.path) || '');
-        const match = discoverHomes().find(h => h.dbPath === target);
-        if (!match)
-            return { ok: false, error: 'unknown home' };
-        try {
-            switchDb(new WyrmDB(match.dbPath));
-            return { ok: true, account: match.account, tier: match.tier };
-        }
-        catch (e) {
-            return { ok: false, error: e instanceof Error ? e.message : String(e) };
-        }
-    }
-};
-// ── Live Memory (v6.4 Phase 2) — SSE event stream ────────────────────────────
-// Long-lived `text/event-stream` response: bypasses the JSON route table and is
-// dispatched directly from the server handler. Catches up the backlog since the
-// caller's cursor, then tails new events (1s poll — better-sqlite3 has no change
-// feed). Resumes from `Last-Event-ID` on reconnect; 25s keep-alive comments.
-function handleEventStream(req, res, args) {
-    if (!getDb().liveMemoryEnabled()) {
-        send(res, req, { e: 'live memory disabled', disabled: 1 }, 503);
-        return;
-    }
-    const project = resolveProjectRef(args.project ?? args.p);
-    if (!project) {
-        send(res, req, { e: 'not found' }, 404);
-        return;
-    }
-    // DoS guard: cap concurrent SSE connections globally AND per-IP (each holds a
-    // poll timer + DB query/sec) so one client can't starve live memory for everyone.
-    const sseIp = req.socket.remoteAddress || 'unknown';
-    if (activeStreams >= MAX_SSE_STREAMS) {
-        send(res, req, { e: 'too many concurrent streams', retry_after: 5 }, 503);
-        return;
-    }
-    if ((sseByIp.get(sseIp) ?? 0) >= MAX_SSE_PER_IP) {
-        send(res, req, { e: 'too many concurrent streams from this client', retry_after: 5 }, 503);
-        return;
-    }
-    activeStreams++;
-    sseByIp.set(sseIp, (sseByIp.get(sseIp) ?? 0) + 1);
-    let cursor = resolveStartCursor(req.headers['last-event-id'], args.since);
-    // SECURITY: a REMOTE (non-loopback) subscriber may ONLY ever receive shareable
-    // events — private (is_shared=0) events never leave the box, no matter what the
-    // client asks for. The same-device local UI/watcher (loopback) may opt into all.
-    const sseIsLoopback = sseIp === '127.0.0.1' || sseIp === '::1' || sseIp === '::ffff:127.0.0.1';
-    const sharedOnly = !sseIsLoopback || args.shared === '1' || args.shared === 'true';
-    res.writeHead(200, {
-        ...getSecurityHeaders(req),
-        'Content-Type': 'text/event-stream; charset=utf-8',
-        'Cache-Control': 'no-cache, no-transform',
-        'Connection': 'keep-alive',
-        'X-Accel-Buffering': 'no', // defeat reverse-proxy buffering (nginx etc.)
-    });
-    res.write('retry: 3000\n\n'); // advise client reconnect backoff
-    let poll;
-    let ka;
-    let cleaned = false;
-    const cleanup = () => {
-        if (cleaned)
-            return; // idempotent — fires from req/res close+error, decrement exactly once
-        cleaned = true;
-        if (poll)
-            clearInterval(poll);
-        if (ka)
-            clearInterval(ka);
-        activeStreams--;
-        const n = (sseByIp.get(sseIp) ?? 1) - 1;
-        if (n <= 0)
-            sseByIp.delete(sseIp);
-        else
-            sseByIp.set(sseIp, n);
-    };
-    const flush = () => {
-        if (res.writableEnded) {
-            cleanup();
-            return;
-        }
-        try {
-            // eventsSince is failure-isolated at the DB layer; on a transient error
-            // we simply skip this tick and retry on the next.
-            const batch = sharedOnly
-                ? getDb().eventsForPush(project.id, cursor, 200)
-                : getDb().eventsSince(project.id, cursor, 200);
-            for (const ev of batch) {
-                cursor = ev.cursor;
-                res.write(sseFrame(ev));
-            }
-        }
-        catch { /* retry next tick */ }
-    };
-    flush(); // immediate backlog catch-up since `cursor`
-    poll = setInterval(flush, 1000);
-    ka = setInterval(() => { try {
-        res.write(SSE_KEEPALIVE);
-    }
-    catch { /* socket gone */ } }, 25000);
-    // Clear timers + free the slot on EVERY disconnect path (abrupt resets fire
-    // res 'error'/'close' but not always req 'close').
-    req.on('close', cleanup);
-    res.on('close', cleanup);
-    res.on('error', cleanup);
-}
-// Server with authentication
-const server = http.createServer(async (req, res) => {
-    // Apply auth middleware - handles CORS preflight and auth validation
-    const authResult = authMiddleware(req, res);
-    if (authResult.error)
-        return;
-    try {
-        const url = new URL(req.url || '/', `http://localhost:${PORT}`);
-        // ── Read-only / public-view gate (single chokepoint) ──────────────────────
-        // Sits ABOVE every channel: the routes map, the regex-matched review
-        // approve/reject (NOT in the routes map), the SSE stream, and the /batch
-        // fan-out. The predicate lives in readonly-gate.ts (pure + unit-tested);
-        // gating by HTTP method there catches all current AND future write routes, so
-        // a new write route can't silently slip the gate: the lesson the grove PR taught us.
-        if (READONLY && readonlyBlocks(req.method || 'GET', url.pathname)) {
-            send(res, req, { e: 'read-only mode', readonly: 1 }, 403);
-            return;
-        }
-        let args;
-        try {
-            args = await body(req);
-        }
-        catch (parseErr) {
-            const msg = parseErr.message;
-            if (msg === 'Invalid JSON') {
-                send(res, req, { e: 'Invalid JSON body' }, 400);
-                return;
-            }
-            throw parseErr;
-        }
-        // Add query params
-        url.searchParams.forEach((v, k) => args[k] = v);
-        // Special case: browser dashboard — returns HTML, not JSON
-        // Brand asset: the silver dragon mark for the dashboard logo.
-        if (req.method === 'GET' && url.pathname === '/dragon-mark.svg') {
-            try {
-                if (!_dragonSvgCache && _assetExists(DRAGON_SVG_PATH))
-                    _dragonSvgCache = _readAsset(DRAGON_SVG_PATH);
-                if (_dragonSvgCache) {
-                    res.writeHead(200, { ...getSecurityHeaders(req), 'Content-Type': 'image/svg+xml', 'Cache-Control': 'public, max-age=86400', 'Content-Length': _dragonSvgCache.length });
-                    res.end(_dragonSvgCache);
-                    return;
-                }
-            }
-            catch { /* fall through */ }
-            send(res, req, { e: 'not found' }, 404);
-            return;
-        }
-        if (req.method === 'GET' && url.pathname === '/ui') {
-            sendHtml(res, req, getUIDashboardHTML());
-            return;
-        }
-        // Special case: Live Memory SSE — long-lived text/event-stream, not JSON
-        if (req.method === 'GET' && url.pathname === '/events/stream') {
-            handleEventStream(req, res, args);
-            return;
-        }
-        // Dynamic UI review routes: POST /ui/review/:id/approve|reject
-        const reviewMatch = url.pathname.match(/^\/ui\/review\/(\d+)\/(approve|reject)$/);
-        if (req.method === 'POST' && reviewMatch) {
-            const id = parseInt(reviewMatch[1], 10);
-            const action = reviewMatch[2];
-            const rawDb = getDb().getDatabase();
-            if (action === 'approve') {
-                rawDb.prepare('UPDATE memory_artifacts SET needs_review = 0 WHERE id = ?').run(id);
-            }
-            else {
-                rawDb.prepare('DELETE FROM memory_artifacts WHERE id = ?').run(id);
-            }
-            send(res, req, { ok: true });
-            return;
-        }
-        const key = `${req.method} ${url.pathname}`;
-        const handler = routes[key];
-        if (!handler) {
-            if (url.pathname === '/') {
-                send(res, req, {
-                    wyrm: '3.0',
-                    auth: getAuthStatus().requireAuth ? 'required' : 'disabled',
-                    tip: 'GET /c for quick context'
-                });
-                return;
-            }
-            send(res, req, { e: 'not found' }, 404);
-            return;
-        }
-        // v7 F2 (T009): `Wyrm-Actor: agent_id[;run_id]` — the HTTP analogue of MCP
-        // _meta['wyrm/actor']. Parsed/validated/length-capped at the boundary
-        // (Article VII: a malformed header is ignored whole, never partially
-        // honored); the route handler runs inside the envelope's ALS context so
-        // every attributed write it reaches stamps agent_id/run_id. Without the
-        // header the env level (WYRM_AGENT_ID/WYRM_RUN_ID) still applies; with
-        // nothing known, columns stay NULL (reads as actor='legacy').
-        const actorEnvelope = resolveActorEnvelope({ header: req.headers['wyrm-actor'] });
-        const { result, ms } = timed(() => runWithActor(actorEnvelope, () => handler(args)));
-        res.setHeader('X-Time-Ms', String(ms));
-        send(res, req, result);
-    }
-    catch (err) {
-        // v7 F2 (T011/T012 + review fix): the retryable write family (SQLITE_BUSY
-        // and a tripped circuit breaker — both classified by retryableWriteCause)
-        // gets the same structured BUSY/RETRY body as the MCP dispatcher, as
-        // HTTP 503 + Retry-After. A daemon-writer client treats the 503 as a
-        // PROVEN no-commit (the write threw before committing) and fails direct;
-        // other HTTP consumers get a machine-readable retryable signal.
-        const busyCause = retryableWriteCause(err);
-        if (busyCause !== null) {
-            const body = busyErrorBody('http', busyCause);
-            res.setHeader('Retry-After', String(Math.ceil(body.error.retry_after_ms / 1000)));
-            send(res, req, body, 503);
-            return;
-        }
-        logger.error('Fast API request failed', {
-            path: req.url,
-            error: err.message
-        });
-        send(res, req, { e: 'Internal server error' }, 500);
-    }
-});
-// Graceful shutdown — checkpoint WAL and close DB cleanly.
-// `_db?.` (not getDb()): never lazily OPEN a database just to close it.
-const shutdown = () => {
-    server.close(() => {
-        try {
-            _db?.close();
-        }
-        catch { /* ignore */ }
-        process.exit(0);
-    });
-};
-process.on('SIGINT', shutdown);
-process.on('SIGTERM', shutdown);
-// Only auto-listen when run directly as a binary, not when imported by wyrm-cli (`wyrm serve`)
-import { fileURLToPath } from 'url';
-const __filename = fileURLToPath(import.meta.url);
-if (process.argv[1] === __filename) {
-    const BIND_HOST = process.env.WYRM_BIND_HOST || '127.0.0.1';
-    server.listen(PORT, BIND_HOST, () => {
-        logger.info('Wyrm Fast API started', { port: PORT, host: BIND_HOST });
-        console.log(`󱅝 Wyrm Fast API on ${BIND_HOST}:${PORT}`);
-        console.log(`   Auth: ${getAuthStatus().requireAuth ? 'required' : 'disabled'}`);
-        if (READONLY)
-            console.log('   Read-only: writes + off-box egress blocked (safe to expose)');
-        if (BIND_HOST !== '127.0.0.1' && BIND_HOST !== '::1' && BIND_HOST !== 'localhost') {
-            logger.warn('Wyrm Fast API bound to a NON-loopback host — reachable beyond localhost; ensure auth is required', { host: BIND_HOST });
-            console.log(`   ⚠  bound to ${BIND_HOST}: reachable beyond localhost — make sure auth is required`);
-            if (!READONLY)
-                console.log('   ⚠  not in read-only mode; set WYRM_UI_READONLY=1 for a public bind');
-        }
-    });
-}
-export { server };
-//# sourceMappingURL=http-fast.js.map
+         WHERE ma.id = ?`).get(r)||null}}catch{return{item:null}}},"GET /ui/skills":()=>{const t=o().getDatabase();try{const e=t.prepare(`SELECT name, description, category, tier, usage_count, is_active
+         FROM skills ORDER BY category COLLATE NOCASE, name COLLATE NOCASE`).all();return{items:e,total:e.length}}catch{return{items:[],total:0}}},"GET /ui/homes":()=>{const t=$();let e=o().getDatabasePath();try{e=G(e)}catch{}return{homes:t.map(r=>({...r,active:r.dbPath===e}))}},"POST /ui/switch":t=>{const e=String(t&&t.path||""),r=$().find(n=>n.dbPath===e);if(!r)return{ok:!1,error:"unknown home"};try{return gt(new F(r.dbPath)),{ok:!0,account:r.account,tier:r.tier}}catch(n){return{ok:!1,error:n instanceof Error?n.message:String(n)}}}};function Lt(t,e,r){if(!o().liveMemoryEnabled()){h(e,t,{e:"live memory disabled",disabled:1},503);return}const n=P(r.project??r.p);if(!n){h(e,t,{e:"not found"},404);return}const s=t.socket.remoteAddress||"unknown";if(N>=St){h(e,t,{e:"too many concurrent streams",retry_after:5},503);return}if((O.get(s)??0)>=_t){h(e,t,{e:"too many concurrent streams from this client",retry_after:5},503);return}N++,O.set(s,(O.get(s)??0)+1);let a=Y(t.headers["last-event-id"],r.since);const c=!(s==="127.0.0.1"||s==="::1"||s==="::ffff:127.0.0.1")||r.shared==="1"||r.shared==="true";e.writeHead(200,{...L(t),"Content-Type":"text/event-stream; charset=utf-8","Cache-Control":"no-cache, no-transform",Connection:"keep-alive","X-Accel-Buffering":"no"}),e.write(`retry: 3000
+
+`);let i,l,m=!1;const d=()=>{if(m)return;m=!0,i&&clearInterval(i),l&&clearInterval(l),N--;const f=(O.get(s)??1)-1;f<=0?O.delete(s):O.set(s,f)},p=()=>{if(e.writableEnded){d();return}try{const f=c?o().eventsForPush(n.id,a,200):o().eventsSince(n.id,a,200);for(const k of f)a=k.cursor,e.write(dt(k))}catch{}};p(),i=setInterval(p,1e3),l=setInterval(()=>{try{e.write(mt)}catch{}},25e3),t.on("close",d),e.on("close",d),e.on("error",d)}const w=Q.createServer(async(t,e)=>{if(!z(t,e).error)try{const n=new URL(t.url||"/",`http://localhost:${C}`);if(T&&pt(t.method||"GET",n.pathname)){h(e,t,{e:"read-only mode",readonly:1},403);return}let s;try{s=await vt(t)}catch(d){if(d.message==="Invalid JSON"){h(e,t,{e:"Invalid JSON body"},400);return}throw d}if(n.searchParams.forEach((d,p)=>s[p]=d),t.method==="GET"&&n.pathname==="/dragon-mark.svg"){try{if(!v&&y(x)&&(v=R(x)),v){e.writeHead(200,{...L(t),"Content-Type":"image/svg+xml","Cache-Control":"public, max-age=86400","Content-Length":v.length}),e.end(v);return}}catch{}h(e,t,{e:"not found"},404);return}if(t.method==="GET"&&n.pathname==="/ui"){Rt(e,t,nt());return}if(t.method==="GET"&&n.pathname==="/events/stream"){Lt(t,e,s);return}const a=n.pathname.match(/^\/ui\/review\/(\d+)\/(approve|reject)$/);if(t.method==="POST"&&a){const d=parseInt(a[1],10),p=a[2],f=o().getDatabase();p==="approve"?f.prepare("UPDATE memory_artifacts SET needs_review = 0 WHERE id = ?").run(d):f.prepare("DELETE FROM memory_artifacts WHERE id = ?").run(d),h(e,t,{ok:!0});return}const u=`${t.method} ${n.pathname}`,c=J[u];if(!c){if(n.pathname==="/"){h(e,t,{wyrm:"3.0",auth:D().requireAuth?"required":"disabled",tip:"GET /c for quick context"});return}h(e,t,{e:"not found"},404);return}const i=ft({header:t.headers["wyrm-actor"]}),{result:l,ms:m}=H(()=>Et(i,()=>c(s)));e.setHeader("X-Time-Ms",String(m)),h(e,t,l)}catch(n){const s=ut(n);if(s!==null){const a=lt("http",s);e.setHeader("Retry-After",String(Math.ceil(a.error.retry_after_ms/1e3))),h(e,t,a,503);return}A.error("Fast API request failed",{path:t.url,error:n.message}),h(e,t,{e:"Internal server error"},500)}}),q=()=>{w.close(()=>{try{g?.close()}catch{}process.exit(0)})};process.on("SIGINT",q),process.on("SIGTERM",q);import{fileURLToPath as Ct}from"url";const bt=Ct(import.meta.url);if(process.argv[1]===bt){const t=process.env.WYRM_BIND_HOST||"127.0.0.1";w.listen(C,t,()=>{A.info("Wyrm Fast API started",{port:C,host:t}),console.log(`\u{F115D} Wyrm Fast API on ${t}:${C}`),console.log(`   Auth: ${D().requireAuth?"required":"disabled"}`),T&&console.log("   Read-only: writes + off-box egress blocked (safe to expose)"),t!=="127.0.0.1"&&t!=="::1"&&t!=="localhost"&&(A.warn("Wyrm Fast API bound to a NON-loopback host \u2014 reachable beyond localhost; ensure auth is required",{host:t}),console.log(`   \u26A0  bound to ${t}: reachable beyond localhost \u2014 make sure auth is required`),T||console.log("   \u26A0  not in read-only mode; set WYRM_UI_READONLY=1 for a public bind"))})}export{w as server};